From: Emmanuel Hocdet <manu@gandi.net>
Date: Mon, 1 Oct 2018 16:45:19 +0000 (+0200)
Subject: MINOR: ssl: generate-certificates for BoringSSL
X-Git-Tag: v1.9-dev4~84
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=747ca61693b28e33d7bf5994fee5675a45385635;p=thirdparty%2Fhaproxy.git

MINOR: ssl: generate-certificates for BoringSSL
---

diff --git a/include/proto/openssl-compat.h b/include/proto/openssl-compat.h
index 564d2b4f1a..ffee2e40c1 100644
--- a/include/proto/openssl-compat.h
+++ b/include/proto/openssl-compat.h
@@ -153,7 +153,6 @@ static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
 #endif
 
 #ifdef OPENSSL_IS_BORINGSSL
-#define SSL_NO_GENERATE_CERTIFICATES
 
 static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
 {
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index bb62b672ad..c11acb3b71 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1753,7 +1753,7 @@ ssl_sock_do_create_cert(const char *servername, struct bind_conf *bind_conf, SSL
 	else if (key_type == EVP_PKEY_EC)
 		digest = EVP_sha256();
 	else {
-#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL)
+#if (OPENSSL_VERSION_NUMBER >= 0x1000000fL) && !defined(OPENSSL_IS_BORINGSSL)
 		int nid;
 
 		if (EVP_PKEY_get_default_digest_nid(capkey, &nid) <= 0)